I want to secure my web application deployed on GlassFish Server 7.0.13. I followed all the steps required to implement form-based authentication, from adding the users allowed to access my resource pages to the realm file to writing my web.xml descriptor, as described on the official Jakarta EE 9 specification page (link).
Despite this, all my pages are blocked and the login page isn't even displayed. Could you help me understand what's wrong?
Here is my web.xml file:
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Deployment descriptor (web-app 5.0 schema) for a Faces application that
  protects three pages with container-managed FORM authentication against
  the realm named "file".
-->
<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/web-app_5_0.xsd"
         version="5.0">

  <!-- Every request ending in .xhtml is routed to the Faces servlet. -->
  <servlet>
    <servlet-name>facesServlet</servlet-name>
    <servlet-class>jakarta.faces.webapp.FacesServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>facesServlet</servlet-name>
    <url-pattern>*.xhtml</url-pattern>
  </servlet-mapping>

  <display-name>Ricky's Restaurant</display-name>
  <description>The menu and online ordering system for Ricky's Restaurant</description>

  <!--
    Idle session timeout, expressed in minutes by the Servlet specification.
    NOTE(review): 120 minutes leaves an authenticated session usable for a
    long time on an unattended browser; confirm this is intended.
  -->
  <session-config>
    <session-timeout>120</session-timeout>
  </session-config>

  <!--
    Roles referenced by the constraints below.
    NOTE(review): on GlassFish these role names must also be mapped to users
    or groups of the realm (security-role-mapping in glassfish-web.xml, or the
    server's default principal-to-role mapping). That mapping is not shown on
    this page; confirm it exists.
  -->
  <security-role>
    <role-name>user</role-name>
  </security-role>
  <security-role>
    <role-name>admin</role-name>
  </security-role>

  <!--
    Customer pages: only callers in role "user" are admitted. No http-method
    is listed, so the constraint covers every HTTP method. The "admin" role is
    not listed here, so an account holding only "admin" cannot open these pages.
    NOTE(review): there is no user-data-constraint, so the container does not
    require TLS for these URLs. Unless HTTPS is enforced elsewhere, credentials
    and the session cookie can cross the network in clear text; consider a
    transport-guarantee of CONFIDENTIAL.
  -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>users' allowed pages</web-resource-name>
      <url-pattern>/result.xhtml</url-pattern>
      <url-pattern>/thankYou.xhtml</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>user</role-name>
    </auth-constraint>
  </security-constraint>

  <!--
    Staff page: only callers in role "admin" are admitted, for every HTTP
    method. The same missing transport guarantee applies here.
  -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>staff pages</web-resource-name>
      <url-pattern>/processorders.xhtml</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>

  <!--
    Form-based login against the realm named "file". The login and error
    pages are plain .html files: no url-pattern above matches them, so they
    are not protected by a constraint and are not handled by the Faces servlet.
    Per the Servlet specification the login form must POST to j_security_check
    with the fields j_username and j_password.
    NOTE(review): the content of login.html is not shown; verify its form.
  -->
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>file</realm-name>
    <form-login-config>
      <form-login-page>/login.html</form-login-page>
      <form-error-page>/failed-login.html</form-error-page>
    </form-login-config>
  </login-config>

</web-app>